|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
[PLUG] Denial of Service in Apache log?
|
I see the following request in the apache access log for a web site that I'm
working on:
75.103.6.122 - - [27/Apr/2010:13:51:09 -0400] "GET /images/greenEdge_05.png
HTTP/1.1" 304 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
GTB6.4; .NET CLR 1.1.4322; .NET CLR 2.0.50727; MS-RTC LM 8; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)"
So far so good... it's a 304 indicating the image file "greenEdge_05.png" has
not changed.
Weirdness alert!!!.....
There are 8788 of these requests from the same IP address in the space of about
1140 seconds.
I see identical blocks of thousands of requests for the same greenEdge_05.png
file from other (random?) IPs - perhaps once or twice a day.
I have a hard time believing that some part of the html/css/javascript is
causing this. (I did not write said html/css/javascript BTW.)
Is this some kind of stupid DOS attack?
Is there a way to tell Apache to stop answering after the first few hundred
repeated requests in a minute? :-)
Eric
--
# Eric Lucas
#
# "Oh, I have slipped the surly bond of earth
# And danced the skies on laughter-silvered wings...
# -- John Gillespie Magee Jr
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|